ok so i have this bug and i have tried to find a different post about it and haven't found any that have the solution to getting rid of the problem. i think online security guide and live saftey center go with it correct? well i need it gone because i can't do anything with out it opening a security warning add every minute. i posted another problem i was having called cmdservice and haven't got a reply from what he said last time and have not seen him on.


i would LOVE some help if that is possible,thank you,

REDTRIFORCE

ComboFix 07-12-02.6 - James Stephenson 2007-12-07 15:21:00.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.682 [GMT -6:00]
Running from: C:\Documents and Settings\James Stephenson\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\James Stephenson\Desktop\Live Safety Center.lnk
C:\Documents and Settings\James Stephenson\Desktop\Online Security Guide.lnk
C:\Documents and Settings\James Stephenson\Favorites\Online Security Guide.lnk
C:\WINDOWS\system32\nqfrgdla.dllbox

.
((((((((((((((((((((((((( Files Created from 2007-11-07 to 2007-12-07 )))))))))))))))))))))))))))))))
.

2007-12-07 15:42 . 2007-12-07 15:43 414 ---hs---- C:\WINDOWS\system32\nqfrgdla.dllbox
2007-12-06 15:29 . 2007-12-07 15:42 7,001 --ahs---- C:\WINDOWS\system32\ghhkj.ini2
2007-12-06 15:28 . 2007-12-07 15:43 7,001 --ahs---- C:\WINDOWS\system32\ghhkj.ini
2007-12-06 15:04 . 2007-12-06 15:04 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-06 15:03 . 2007-12-06 15:03 36,928 --a------ C:\WINDOWS\system32\qerboxse.dll
2007-12-06 15:00 . 2007-12-06 15:00 36,928 --a------ C:\WINDOWS\system32\xprmokfx.dll
2007-12-06 15:00 . 2007-12-06 15:00 36,928 --a------ C:\WINDOWS\system32\dowwbaje.dll
2007-12-06 14:57 . 2007-12-06 14:57 36,928 --a------ C:\WINDOWS\system32\lcwfdrge.dll
2007-12-06 14:57 . 2007-12-06 14:57 36,928 --a------ C:\WINDOWS\system32\hluvaxnh.dll
2007-12-06 14:54 . 2007-12-06 14:54 36,928 --a------ C:\WINDOWS\system32\jcetkkew.dll
2007-12-06 14:54 . 2007-12-06 14:54 36,928 --a------ C:\WINDOWS\system32\cflcsvex.dll
2007-12-06 09:49 . 2007-12-06 09:49 <DIR> d-------- C:\tempo
2007-12-06 09:48 . 2007-12-06 09:48 66,048 --a------ C:\22B1.tmp
2007-12-06 09:48 . 2007-12-06 09:48 1 --a------ C:\22B3.tmp
2007-12-06 08:55 . 2007-12-06 08:55 <DIR> d-------- C:\Program Files\E404 Helper
2007-12-06 08:55 . 2007-12-06 08:55 9,216 --a------ C:\Program Files\avp.exe
2007-12-05 23:33 . 2007-12-05 23:33 <DIR> d-------- C:\WINDOWS\sifmulfd
2007-12-05 23:33 . 2007-12-05 23:33 <DIR> d-------- C:\WINDOWS\PerfInfo
2007-12-05 23:33 . 2007-12-05 23:33 <DIR> d-------- C:\WINDOWS\KBOpt
2007-12-05 23:33 . 2007-12-05 23:33 71,680 --a------ C:\WINDOWS\efuzwvwr.dll
2007-12-05 23:33 . 2007-12-05 23:33 31,744 --a------ C:\winyres.exe
2007-12-05 23:33 . 2007-12-05 23:33 8,711 --a------ C:\winfkea.exe
2007-12-05 22:25 . 2007-12-05 22:25 145,984 --a------ C:\WINDOWS\system32\prlblcrd.dll
2007-12-05 22:25 . 2007-12-05 22:25 145,984 --a------ C:\WINDOWS\system32\nqfrgdla.dll
2007-12-05 16:18 . 2007-12-05 16:18 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-05 16:18 . 2007-12-05 16:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-05 16:13 . 2007-12-05 21:25 <DIR> d-------- C:\HJT
2007-12-05 16:06 . 2007-12-05 16:06 4,286 --a------ C:\WINDOWS\system32\MobileSidewalk.ico
2007-12-04 22:24 . 2007-12-04 22:24 331,872 --a------ C:\WINDOWS\system32\jkhhg.dll
2007-12-04 22:24 . 2007-12-04 22:24 35,840 --a------ C:\WINDOWS\17PHolmes572.exe
2007-12-04 22:19 . 2007-12-04 22:19 <DIR> d-------- C:\WINDOWS\system32\daSgo01
2007-12-04 22:19 . 2007-12-04 22:19 <DIR> d-------- C:\Temp\bkR11
2007-12-04 22:19 . 2007-12-06 15:22 <DIR> d-------- C:\Temp
2007-12-03 20:56 . 2007-12-03 20:56 <DIR> d-------- C:\Documents and Settings\James Stephenson\Application Data\acccore
2007-12-03 20:41 . 2007-12-03 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-03 20:41 . 2007-12-03 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-03 20:41 . 2007-12-03 20:41 21 --a------ C:\WINDOWS\atid.ini
2007-12-03 20:40 . 2007-12-03 20:41 <DIR> d-------- C:\Program Files\Viewpoint
2007-12-03 20:40 . 2007-12-03 20:40 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-12-03 20:40 . 2007-12-03 20:41 <DIR> d-------- C:\Program Files\AIM6
2007-12-03 20:40 . 2007-12-03 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-12-03 20:40 . 2007-12-03 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-12-03 20:40 . 2007-12-03 20:41 817 --ah----- C:\IPH.PH
2007-11-26 21:17 . 2007-11-26 21:19 <DIR> d-------- C:\Program Files\Smart PDF Converter Pro
2007-11-26 21:17 . 2007-11-26 21:18 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-25 12:46 . 2007-11-25 12:46 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-11-25 12:45 . 2007-11-25 12:45 <DIR> d-------- C:\WINDOWS\Sun
2007-11-24 12:14 . 2007-12-07 15:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-11-23 20:49 . 2007-11-23 20:49 <DIR> d---s---- C:\Documents and Settings\James Stephenson\UserData
2007-11-07 11:33 . 2007-11-07 11:33 <DIR> d-------- C:\Program Files\Cox
2007-11-07 11:20 . 2007-11-07 11:20 <DIR> d-------- C:\Program Files\Winspy
2007-11-07 11:20 . 2001-04-10 00:04 7,380 --a------ C:\WINDOWS\system32\winspy.tlb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-07 21:43 --------- d-----w C:\Program Files\Steam
2007-12-06 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-06 15:49 8,576 ----a-w C:\WINDOWS\system32\drivers\aec.sys
2007-12-06 15:48 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2007-12-05 05:01 --------- d-----w C:\Documents and Settings\James Stephenson\Application Data\LimeWire
2007-12-03 04:10 --------- d-----w C:\Documents and Settings\James Stephenson\Application Data\gtk-2.0
2007-11-18 20:24 --------- d-----w C:\Program Files\Common Files\Authentium Shared
2007-11-08 04:35 --------- d-----w C:\Program Files\TubeSucker
2007-10-31 19:03 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-09-10 17:55 692,224 ----a-w C:\WINDOWS\system32\ijjiSetup.exe
2007-08-02 13:43 282,624 ----a-w C:\Program Files\TTC.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-06_15.28.41.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-08-22 20:28:10 40,836 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-07 00:06:36 40,836 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-08-22 20:28:10 314,508 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-07 00:06:36 314,508 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-12-05 22:25 145984 --a------ C:\WINDOWS\system32\nqfrgdla.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D9B3529D-BCEE-41ED-AFEF-D3BCBE68D8EA}]
2007-12-04 22:24 331872 --a------ C:\WINDOWS\system32\jkhhg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7FEA434-618D-372E-D85F-3AE600860292}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ed322492-1dd1-11b2-97dd-8ffbd4161bb8}]
2007-12-05 23:33 71680 --a------ C:\WINDOWS\efuzwvwr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
2007-12-06 08:55 17920 --a------ C:\Program Files\E404 Helper\e404.v5.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\nqfrgdla.dll [2007-12-05 22:25 145984]

[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-11 18:13]
"Steam"="c:\program files\steam\steam.exe" [2007-11-29 16:43]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 09:20]
"Tair"="C:\WINDOWS\CURITY~1\cmd.exe" []
"Pcbib"="C:\Program Files\Common Files\s?stem32\m?iexec.exe" []
"Pbuyl"="C:\WINDOWS\system32\??curity\?hkntfs.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 16:42]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 18:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"ChkDsk32"="C:\winyres.exe" [2007-12-05 23:33]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-11 18:13]

C:\Documents and Settings\James Stephenson\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-08-16 16:00:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\abc32reg]
C:\Documents and Settings\All Users\Documents\Settings\abc32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nqfrgdla]
nqfrgdla.dll 2007-12-05 22:25 145984 C:\WINDOWS\system32\nqfrgdla.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qerboxse]
qerboxse.dll 2007-12-06 15:03 36928 C:\WINDOWS\system32\qerboxse.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c001D2F2]
__c001D2F2.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkhhg.dll

R0 a320raid;a320raid;C:\WINDOWS\system32\DRIVERS\a320raid.sys
R0 aac;PERC 320/DC SCSI RAID Miniport Driver;C:\WINDOWS\system32\DRIVERS\aac.sys
R0 aarich;aarich;C:\WINDOWS\system32\DRIVERS\aarich.sys
R0 megasas;DELL PERC RAID Driver;C:\WINDOWS\system32\drivers\megasas.sys
S4 vmscsi;vmscsi;C:\WINDOWS\system32\drivers\vmscsi.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d8d2858-41a0-11dc-95d3-000f1fe013f6}]
\Shell\AutoRun\command - E:\LinksysConnectPC.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-07 21:00:55 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 15:43:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-07 15:45:45 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-06 17:57
C:\ComboFix3.txt ... 2007-12-06 15:30
.
--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 4:14:39 PM, on 12/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\nqfrgdla.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ChkDsk32] C:\winyres.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Tair] "C:\WINDOWS\CURITY~1\cmd.exe" -vt ndrv
O4 - HKCU\..\Run: [Pcbib] "C:\Program Files\Common Files\s?stem32\m?iexec.exe"
O4 - HKCU\..\Run: [Pbuyl] C:\WINDOWS\system32\??curity\?hkntfs.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authentium.com/cssrelease/bin/wizard.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54GSCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe" "WUSB54GSC.exe (file missing)

Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
The Waiting Room
http://forums.spybot.info/forumdisplay.php?f=37

I apologize for the wait, but you have contributed to it by not reading the directions. They are pinned to the top of the forum and I have posted them above.
You have posted an out of date HJT log. If you still need help, read and follow the directions.

Please do not run and post the Kaspersky scan until I request it, post ONLY a new HJT log with version 2.0.2.

Thanks

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

If it had been 10 days or more since your last post, and especially if the helper assisting you posted a response to that post to which you did not reply, the topic will not be reopened.

In that situation, if you still require help, it would be best to start a new topic and include a fresh HijackThis log with a link to your original thread.

Everyone else please begin a New Topic.